This section provides a short description of predefined reports for the admin user.
Note: If data level security at the observed data level is enabled (see
Data level security filtering), then the audit process output is filtered so
users see only the information about their databases.
Enterprise reports with custom tables: If, for any reason, the central manager did not receive data from a managed unit for the custom table in an enterprise report in the last 24 hours, the Guardium® UI banner displays the message:
Central manager experienced failure getting data from collector. Central manager experienced error in the last 24 hours uploading data from collector. It's logged in both the log named cmDataUpload.log and the following report
Click the report name to open the Scheduled Jobs Exceptions report and view details of the managed units that had exceptions.
The predefined admin reports are listed in alphabetical order.
Active Risk Spotter - Risky Users Scores
This report details the current risky users, including the server IP, the overall risk score, and
scores for all of the risk indicators.
Active S-TAPs changed
This alert only runs on Central Manager systems. S-TAP Host, S-TAP version, S-TAP changed,
timestamp and count are shown.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Active S-TAPs changed | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | none | none |

Admin User Logins
Summary of logins to the database using a database user name defined in the Admin Users group.
The report displays the client IP address from which the user with administrative privileges logged
into the database, database user name, source program, session start date and time, and session
total for that record.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Access | Admin Users Login | Session |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Aggregation/Archive Log
This report lists Guardium aggregation activity by Activity Type. Each row of the report contains
the Activity Type, Start Time, File Name, Status, Comment, Guardium Host Name, Records Purged,
Period Start, Period End, and count of log records for the row. You can limit the output by setting
the Guardium Host Name run-time parameter, which is set to % by default (to select all servers). The
Records Purged column contains a count of records purged only when the activity type is Purge.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Aggregation/Export/Import | Aggregation/Archive Log | Agg/Archive Log |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 WEEK |
| Period To | <= | NOW |
| Guardium Host Name | LIKE | % |

12.1 and later Aggregator Global Collector ID
This report maps the collector ID and collector name to the aggregator.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Aggregator Global Collector ID | Aggregator Global Collector ID | Aggregator Global Collector ID |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Show Aliases | Radio buttons | Default |
| Remote Data Source | Drop-down menu | |
| Refresh Rate | Drop-down menu | 0 |

All Guardium Applications - Roles
This menu pane displays two reports: All Roles - Application Access and All Roles - User.
All Roles - Application Access
For each role, this report lists the number of applications to which it is assigned. To list the
applications to which a role is assigned, click on the role and drill down to the Record Details
report.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | All Roles - Application Access | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -100 MONTH |
| Period To | <= | NOW |

All Roles - User
For each role, this report lists the number of users to which it is assigned. To list the users
to which a role is assigned, click on the role and drill down to the Record Details report.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Role - User | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -100 MONTH |
| Period To | <= | NOW |

Analytic Outlier Details

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Analytic Outliers Details | Analytic Outliers Details | Analytic Outliers Details |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| DB User name | LIKE | % |
| DB Name | LIKE | % |
| Source program | LIKE | % |
| Object | LIKE | % |
| Verb | LIKE | % |
| Client hostname | LIKE | % |
| OS user | LIKE | % |

Analytic Outlier Details List - enhanced

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Analytic Outliers Details | Analytic Outliers Details | Analytic Outliers Details |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| DB User name | LIKE | % |
| DB Name | LIKE | % |
| Source program | LIKE | % |
| Object | LIKE | % |
| Verb | LIKE | % |
| Client hostname | LIKE | % |
| OS user | LIKE | % |

Analytic Outlier Summary

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Analytic Outliers Details | Analytic Outliers Details | Analytic Outliers Details |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Server IP | LIKE | % |
| DB User name | LIKE | % |
| DB Name | LIKE | % |
| OS User | LIKE | % |

Analytic Outlier Summary by Date - enhanced

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Analytic Outliers Details | Analytic Outliers Details | Analytic Outliers Details |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Server IP | LIKE | % |
| DB User name | LIKE | % |
| DB Name | LIKE | % |
| OS User | LIKE | % |

Analytic Threat Case Details
This report presents details of an identified threat case. You need to enter the case ID and the
datasource to view the report.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Eagle Eye | Not available | Symptom type |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Enter Value for Case Id | | text field |
| Show Aliases | | Radio buttons (On, Off, Default) |
| Remote Data Source | | Drop-down menu |
| Refresh rate in seconds | | 0 |

Appliance Settings
This report displays configuration settings from a Guardium
system. Use the appliance settings report to quickly review and validate Guardium
settings.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Active S-TAPs changed | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Show Aliases | | Radio buttons (On, Off, Default) |
| Remote Data Source | | Drop-down menu |

Application Objects Summary
This report is a summary of every definition in the Guardium application. For instance, type
Oracle in the ObjectNameLike space in the Run-Time Parameters page of Application Objects and find
all the Object Types and Object Descriptions where Oracle is used.
Note: This report presents metadata and as such is not filtered through the Data Level Security
mechanism. This metadata could include database related information such as Oracle SIDs.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Application Objects | Application Objects Summary | Application Objects |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| ObjectNameLike | % | % |
| ObjectTypeNameLike | % | % |

Approved TAP clients
Only specific S-TAPs are permitted to connect to the Guardium application. This report shows
which S-TAPs are approved and their status.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Approved TAP Clients | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Assessment Datasources
This report is a summary of datasources that are linked to a security assessment.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Assessment and the datasources (or datasource groups) used by the assessment | SECURITY_ASSESSMENT |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Assessment | LIKE | % |
| Refresh rate in seconds | | 0 |

Assessment Roles Allowed
This report is a summary of the roles that are mapped to a security assessment.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Assessment and the roles defined in the assessment | SECURITY_ASSESSMENT |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Assessment | LIKE | % |
| Refresh rate in seconds | | 0 |

Assessment Tests
This report lists the tests that are included in a security assessment.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Assessment and the associated tests that are included in the assessment | SECURITY_ASSESSMENT |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | 2009-01-01 00:00:00 |
| Period To | <= | NOW |
| Assessment | LIKE | % |
| Test Description | LIKE | % |
| Assessment ID | LIKE | % |
| Test ID | LIKE | % |
| Show Aliases | | Radio buttons (On, Off, Default) |
| Remote Data Source | | Drop-down menu |
| Refresh Rate (Seconds) | | 0 |

Available VA Tests
The following reports are available as part of Available VA Tests:
- Available VA Tests
- Available VA Tests - Detailed
- 12.1 and later Available VA Tests - CIS
- 12.1 and later Available VA Tests - STIG
The Available VA Tests report and the Available VA Tests - Detailed report list all the security assessment tests in the Guardium system where the reports are generated. The Available VA Tests - Detailed report is a more comprehensive version of the Available VA Tests report. The Available VA Tests - CIS and Available VA Tests - STIG reports provide the ability to filter the Available VA Tests report by CIS and STIG, respectively.
Available VA Tests report
Use the following selections to configure the Available VA Tests report:

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| VA Tests | Available VA tests | Assessment Tests |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Test Type | LIKE | % |
| Category | LIKE | % |
| Datasource Type | LIKE | % |
| Severity | LIKE | % |
| Show Aliases | | Radio buttons (On, Off, Default) |
| Remote Data Source | | Drop-down menu |
| Refresh Rate (Seconds) | | 0 |

Available VA Tests - Detailed report
Use the following selections to configure the Available VA Tests - Detailed report:

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Internal - not available | Internal - not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | 2009-01-01 00:00:00 |
| Period To | <= | NOW |
| Test ID | LIKE | % |
| Test Description | LIKE | % |
| Audit Config Template ID | LIKE | % |
| Datasource Type | LIKE | % |
| Severity | LIKE | % |
| Category Name | LIKE | % |
| Short Description | LIKE | % |
| External Reference | LIKE | % |
| Can Have Exceptions Group | LIKE | % |
| Show Aliases | | Radio buttons (On, Off, Default) |
| Remote Data Source | | Drop-down menu |
| Refresh Rate (Seconds) | | 0 |

12.1 and later Available VA Tests - CIS

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Internal - not available | Internal - not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Enter Value for Test ID | LIKE | % |
| Enter Value for Data source Type | LIKE | % |
| Enter Value for Severity | LIKE | % |
| Enter Value for the Test Type | LIKE | % |
| Enter Value for Category | LIKE | % |
| Show Aliases | | Radio buttons (On, Off, Default) |
| Remote Data Source | | Drop-down menu |
| Refresh Rate | | 0 |

12.1 and later Available VA Tests - STIG

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Internal - not available | Internal - not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Enter Value for Test ID | LIKE | % |
| Enter Value for Data source Type | LIKE | % |
| Enter Value for Severity | LIKE | % |
| Enter Value for the Test Type | LIKE | % |
| Enter Value for Category | LIKE | % |
| Show Aliases | | Radio buttons (On, Off, Default) |
| Remote Data Source | | Drop-down menu |
| Refresh Rate | | 0 |

Audit Process Log
This report shows a detailed activity log for all tasks, including start and end times. This report is available for admin users. Audit tasks show start and end times; however, the start and end times of Security Assessments and Classifications (which go to a queue) are the same.
The audit process has been expanded to allow sign-off on specific rows, in addition to a user signing off on the entire audit process. The report displays a list of what has been signed off and the status of specific rows.
Use this Audit Process Log to stop audit processes. Tasks can be stopped only if they have not yet run or are running. Any remaining tasks that have not started will not execute, and partial results will not be delivered. If tasks are complete, stopping the audit process will not stop the sending of the results. Stopping the audit process is done through a GrdAPI command, invoke api, from the Audit Process Log report. For any user, the report shows only the lines belonging to that user (without all the details, just the tasks). Admin users see all the details and can stop anyone's runs. Users can only stop their own runs.
Stopping the audit process does not cancel queries that are running against a remote source, nor does it cancel online reports that use a remote source.
Stopping is not supported for Privacy Sets and External Feed. If a Privacy Set task or an External Feed has started, it will finish even if the process is stopped (as opposed to a query, which will be killed).
Audit Process Log ID
Login Name
Run ID
Timestamp
Audit Process ID
Audit Process Description
Audit Task ID
Audit Task Description
Event Type
Detail
Count of Audit Process Log
Available Patches
Displays a list of available patches. There are no run-time parameters. The reporting domain is
system-only.
Audit Job Task Security Assessment
Displays the definition of the audit process job and the task name that runs a security
assessment.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Internal - not available | Internal - not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Process ID | LIKE | % |
| Task ID | LIKE | % |
| Process Description | LIKE | % |
| Task Description | LIKE | % |
| Assessment ID | LIKE | % |
| Assessment Description | LIKE | % |
| Refresh Rate (Seconds) | | 0 |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Process ID | LIKE | % |
| Task ID | LIKE | % |

12.1 and later Audit Process Task Details
Provides audit process information, including the audit process items, the audit tasks, and the record
count for the audit tasks that belong to the audit process items. This report is useful for
validating the data that is sent to SIEM and for ensuring that the same number of records is sent in a
file.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | All Roles - Application Access | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW - 3 HOURS |
| Period To | <= | NOW |
| Remote Data Source | Drop-down menu | -- |
| Show Aliases | Radio buttons | Default |
| Refresh Rate (Seconds) | Drop-down menu | 0 |

Buffer Usage Monitor
Provides an extensive set of buffer usage statistics. For more information, see BigData Intelligence Buff Usage Monitor domain.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Buffer Usage | Buff Usage Monitor | Sniffer Buffer Usage Monitor |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Cassandra DB Object privileges granted to grantee
Lists all the Cassandra DB Object privileges that are granted to users and roles.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Cassandra DB Object privileges granted to grantee | Cassandra DB Object privileges granted to grantee | Cassandra DB Object privileges granted to grantee |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for Role | LIKE | % |
| Enter Value for Resource | LIKE | % |
| Enter Value for Permission | LIKE | % |
| Show Aliases | Radio buttons | Default |
| Remote Data Source | Drop-down menu | |
| Refresh Rate (Seconds) | Drop-down menu | 0 |

Cassandra Object privileges granted with grant option
Lists all the Cassandra users and roles with Object privileges that can be granted to another
user.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Cassandra Object privileges granted with grant option | Cassandra Object privileges granted with grant option | Cassandra Object privileges granted with grant option |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for Role | LIKE | % |
| Enter Value for Resource | LIKE | % |
| Enter Value for Grantable | LIKE | % |
| Show Aliases | Radio buttons | Default |
| Remote Data Source | Drop-down menu | |
| Refresh Rate (Seconds) | Drop-down menu | 0 |

Cassandra Role granted to User Role
Lists all the Cassandra roles that are granted to a user.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Cassandra Role granted to User Role | Cassandra Role granted to User Role | Cassandra Role granted to User Role |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for Role | LIKE | % |
| Enter Value for Member | LIKE | % |
| Show Aliases | Radio buttons | Default |
| Remote Data Source | Drop-down menu | |
| Refresh Rate (Seconds) | Drop-down menu | 0 |

Cassandra SuperUser Role
Lists all the Cassandra users with a SuperUser role.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Cassandra SuperUser Role | Cassandra SuperUser Role | Cassandra SuperUser Role |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for Role | LIKE | % |
| Show Aliases | Radio buttons | Default |
| Remote Data Source | Drop-down menu | |
| Refresh Rate (Seconds) | Drop-down menu | 0 |

CAS Deployment
This CAS report details the Database type, OS name, Hostname and OS type.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| CAS | CAS Deployment | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| DB Type | Like | % |
| OS_Name | Like | % |
| Hostname | Like | % |
| OS_Type | Like | % |

Changes (CAS)
CAS Change Details
For each monitored item, the changes are listed in order by owner.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| CAS Changes | CAS Change Details | Host Configuration |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| DB_Type | Like | % |
| Host_Name | Like | % |
| Instance_Name | Like | % |
| Monitored_Item | Like | % |
| OS_Type | Like | % |
| Type | Like | % |

CAS Saved Data
This report lists the data saved for each change detected. This report is sorted by host name,
and then by the most recent modification time.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| CAS Changes | CAS Saved Data | Saved Data |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Host_Name | Like | % |
| Monitored_Item | Like | % |
| Saved_Data_Id | Like | % |

Configuration (CAS)
CAS Instances
This report lists CAS instance definitions (a CAS instance applies a template set to a specific
CAS host). The default sort order for this report is non-standard. The sort keys are, from major to
minor: Host Name (ascending), Instance (ascending) and Last Status Change (descending).

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| CAS Config | CAS Instances | Monitored Item Details |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Host_Name | Like | % |
| OS_Type | Like | % |
| DB_Type | Like | % |
| Instance | Like | % |

CAS Instance Config
This report lists CAS instance configuration changes. The default sort order for this report is
non-standard. The sort keys are, from major to minor: Host Name (ascending), Instance (ascending)
and Last Status Change (descending). You can limit the output by using any of the following runtime
parameters, which select all values by default.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| CAS Config | CAS Instance Config | Monitored Item Details |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Host_Name | Like | % |
| OS_Type | Like | % |
| Template_Id | Like | % |

Connection Profiling List
Connection Profiling List is a group of all allowed connections (the Connection Profiling List
shows all connection details).

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Connection Profiling List | Client Server |

| Run-time parameter | Operator | Default Value |
| --- | --- | --- |
| Query From Date | >= | NOW -1 DAY |
| Query To Date | <= | NOW |

Connections Quarantined
Guardium policies can be used to terminate or quarantine connections in real time. Use threshold
alerts, based on queries. See Quarantine under the Policies topic for configuration instructions.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Connection Quarantine | Connections Quarantined | Connection Quarantine |


| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Server IP | LIKE | % |
| DB User | LIKE | % |
| Server Name | LIKE | % |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

CPU Tracker
Lists the Software TAP Host and number of CPUs on machines running S-TAPs.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| None | | |

CPU Usage
By default, displays the CPU usage for the last two hours. This graphical report is intended to
display recent activity only. If you alter the From and To run-time parameters to include a larger
timeframe, you may receive a message indicating that there is too much data. Use a tabular report to
display a larger time period.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Sniffer Buffer | CPU Usage | Sniffer Buffer Usage Monitor |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -2 HOUR |
| Period To | <= | NOW |

Databases by Type/ Number of DB per type
Server type and client sources for each database type monitored.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Access | Number of db per type | Client/Server |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Databases Discovered
For the reporting period, for each Discovered Port entity where the DB Type attribute value is
NOT LIKE Unknown, this report lists the Probe Timestamp, Server IP, Server Host Name, DB Type, Port,
Port Type, and count of Discovered Ports for the row.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Auto-discovery | Databases Discovered | Discovered Port |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |
| PortNotLike | NOT LIKE | No default value. |

Datamart Extraction Log
The extraction log has data about both table and file extractions. It presents: Data Mart Name,
Collector IP, Server IP, from-time, to-time, ID, run started, run ended, number of records, status,
error code.
Data Sources
Lists all datasources defined: Data-Source Type, Data-Source Name, Data-Source Description,
Host, Port, Service Name, User Name, Database Name, Last Connect, Shared, and Connection
Properties.
You can restrict the output of this report using the Data Source Name run time parameter, which
by default is set to “%” to select all datasources.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Data-Sources | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Data Source Name | LIKE | % |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Days not exported or archived
This report lists the days whose data was not exported or archived, for a system that has a daily
archive or export, and if Allow purge without exporting or archiving is not
selected. For more details, see Viewing days whose data was not archived or exported.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Catalog | Days not exported or archived | Entry |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -2 WEEK |
| Period To | <= | NOW |
| Show Aliases | Radio buttons (On, Off, Default) | Default |
| Remote Data Source | | Drop-down menu |
| Refresh rate in seconds | | 0 |

DB Users Mapping List
The mapping between database users (Invokers of SQL that caused a violation) and email addresses
for real time alerts.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Auto-discovery | DB Users Mapping List | Guardium Users Login |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Default DB Users Enabled
This report details the default users found enabled after a database scan through the group of
default users and list of servers supplied to the Non-credential Scan API. When an enabled user is
found within a database, that occurrence of database/user is reported only once. Subsequent scans
will update the timestamp and database version of the database. If a subsequent scan does not find a
previously found user, the timestamp remains unaffected so as to keep a history of the last time
the user was found enabled on a database. Scans are run under the Classifier Listener and submitted
jobs (with the non_credential_scan API) may be tracked using the Guardium Job Queue report.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Default DB Users Enabled | Default DB Users Enabled | Default DB Users Enabled |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Definitions Export/Import Log
This report lists Guardium export/import activity by Activity Type. Each row of the report
contains the Activity Type, Start Time, File Name, Status, Comment, and count of log records for the
row.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Aggregation/Archive | Export-Import Definitions Log | Agg/Archive Log |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Discovered Instances
This S-TAP report details the following information:
Timestamp, Host, Protocol, Port Min, Port Max, KTAP DB Port, Instance Names, Client, Exclude
Client, Proc Names, Named Pipe, DB Install Dir, Proc Name, DB2®
Shared Mem Adjustment, DB2 Shared Mem Client Position, DB2 Shared Mem Size, Unix Socket, DB User, DB Version.
Columns are populated as relevant, according to the database type.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Discovered Instances | Discovered Instances | Discovered Instances |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Discovered Instances Rules Add or Replace Log
This report details the following information: Timestamp, Host, Result, Report Only.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Discovered Instances | Discovered Instances Rules Add or Replace Log | Discovered Instances Rules Results |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for Report Only (Yes/No) | Like | % |
| Show Aliases | Radio buttons (On, Off, Default) | Default |
| Remote Data Source | | Drop-down menu |
| Refresh rate in seconds | | 0 |

Discovered Instances Rules Results
This report details the following information:
Timestamp, Host, Result Message, Result Type, Report Only, Identifier, Discovered, Protocol, Port
Min, Port Max, Instance Name, Named Pipe, DB Install Dir, Proc Name, DB2 Shared Mem Adjustment, DB2
Shared Mem Client Position, DB2 Shared Mem Size, Unix Socket, DB User, DB Version.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Discovered Instances | Discovered Instances Rules Results | Discovered Instances Rules Results |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for Report Only (Yes/No) | Like | % |
| Show Aliases | Radio buttons (On, Off, Default) | Default |
| Remote Data Source | | Drop-down menu |
| Refresh rate in seconds | | 0 |

Dropped Requests
Tracks requests dropped by an inspection engine (Exception Description = Dropped database
request). Under extremely rare, high-volume situations some requests may be lost. When this happens,
the sessions from which the requests were lost are listed in the Dropped Requests report.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Exceptions | Dropped Requests | Exception |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Enterprise S-TAP Association History
Enterprise S-TAP® Association History reports on how long the S-TAP reported to the specific Guardium system in the Load balancer environment.
To see this report, you must schedule the CustomTableStapAssocicationJob. (It is not automatically scheduled by default.) For example, to schedule this job to run hourly, run the command:
    grdapi schedule_job cronString="0 0 0/1 ? * 1,2,3,4,5,6,7" jobType="customTableStapAssocication"
If you set the job to run hourly, you'll see S-TAP association changes with a one-hour delay. If you need to see the changes sooner, you can schedule this job to run at more frequent intervals. However, in central manager environments with a large number of S-TAPs, there can be a tradeoff between frequency of reports and load on the system. If the S-TAPs move frequently, running this job every five minutes might burden the central manager. Set the frequency according to your needs and your environment. To set the job to run every five minutes, run the command:
    grdapi schedule_job cronString="0 0/5 0/1 ? * 1,2,3,4,5,6,7" jobType="customTableStapAssocication"
Enterprise Buffer Usage Monitor
This report shows the aggregate of sniffer buffer usage from all managed units. A schedule
must be set for the upload. See the description of the Sniffer Buffer Usage entity for a
description of the fields listed on this report.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Enterprise Buffer Usage | Enterprise Buffer Usage | Sniffer Buffer Usage |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Exception Count
For the reporting period, the total number of exceptions logged.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Exceptions | Exception Count | Exception |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -1 DAY |
| Period To | <= | NOW |

Export Sensitive Data to Discovery
Guardium and InfoSphere® Discovery have mechanisms
for the Classification of Sensitive Data.
A bidirectional interface is provided to transfer the identified sensitive data from Guardium to
InfoSphere Discovery and from InfoSphere Discovery to Guardium.
This data will be transferred via CSV files. See External data correlation for further information.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Export Sensitive Data to Discovery | Classification Process Results |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOURS |
| Period To | <= | NOW |
| Rule Description | LIKE | |
| Schema | LIKE | |

External Tickets
Displays details of tickets that are created in Guardium and sent to external sources such as
ServiceNow or Resilient.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | External Ticket | External Ticket |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for Guardium Source | LIKE | % |
| Enter Value for Ticket Number | LIKE | % |
| Refresh rate in seconds | | 0 |

FAM Config Change
Displays details about the changes in the File Activity Monitor (FAM) configuration.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Exceptions | FAM Config Change | Exception |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Show Aliases | Radio buttons (On, Off, Default) | Default |
| Remote Data Source | | Drop-down menu |
| Refresh rate in seconds | | 0 |

FAM Progress
Displays details about the progress of File Discovery, Entitlement and Classification (FDEC)
scans for NAS and Sharepoint.
Note: FDEC does not provide live updates for removed objects. The
number in the Removed Objects column always reflects the total number of removed
objects.

| Domain | Based on Query | Main Entity |
| --- | --- | --- |
| Internal - not available | Not available | Not available |

| Run-Time Parameter | Operator | Default Value |
| --- | --- | --- |
| Period From | >= | NOW -3 HOUR |
| Period To | <= | NOW |
| Enter Value for NAS or SP Host Name | Like | % |
| Enter Value for Source Directory Path | Like | % |
| Refresh rate in seconds | | 0 |

Full SQL
This report summarizes SQL commands performed by the user, or that run on the database (depending
on the source).
Domain | Based on Query | Main Entity |
Access | Full SQL | Full SQL |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Enter Value for Service Name | Like | % |
Enter Value for OS User | Like | % |
Enter Value for DB User Name | Like | % |
Enter Value for Server IP | Like | % |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Full SQL - Data Tampering
This is a filtered view of the full SQL report, showing only the results for data tampering.
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Enter Value for Service Name | Like | % |
Enter Value for DB User Name | Like | % |
Enter Value for OS User | Like | % |
Enter Value for Service Name | Like | % |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Full SQL - Massive Grants
This is a filtered view of the full SQL report, showing only the results for massive grants.
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Enter Value for Server IP | Like | % |
Enter Value for DB User Name | Like | % |
Enter Value for OS User | Like | % |
Enter Value for Service Name | Like | % |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Full SQL - Possible data leak
This is a filtered view of the full SQL report, showing only the results for possible data
leaks.
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Enter Value for Server IP | Like | % |
Enter Value for DB User Name | Like | % |
Enter Value for OS User | Like | % |
Enter Value for Service Name | Like | % |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Full SQL - Schema tampering
This is a filtered view of the full SQL report, showing only the results for schema
tampering.
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Enter Value for Server IP | Like | % |
Enter Value for DB User Name | Like | % |
Enter Value for OS User | Like | % |
Enter Value for Service Name | Like | % |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Full SQL By Client IP
Domain | Based on Query | Main Entity |
Access | Full SQL By Client IP | Full SQL |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Full SQL by DB User
Domain | Based on Query | Main Entity |
Access | Full SQL by DB user | Full SQL |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Enter Value for DB User Name | Like | % |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Guardium Job Queue
Displays the Guardium Job Queue. Previously known as Classifier/Assessment Job Queue. For each
job, it lists the Process Run ID, Process Type, Status, Guardium Job Process Id, Report Result Id,
Guardium Job Description, Audit Task Description, Queue Time, Start Time, End Time, and Data
Sources.
Domain | Based on Query | Main Entity |
Internal - not available | Guardium Job Queue | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Enter Value for Job Description | Like | % |
Enter Value for Process Type | Like | % |
Show Aliases | Radio buttons (On, Off, Both, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh Rate (seconds) | | 0 |
The job queue
Assessments and Classifications run in their own separate process called the job queue. Jobs are
queued and have their status maintained while a listener periodically polls the queue looking for
waiting jobs to run.
Stopping
When you right-click a running job for drill-down, there is an option to stop the running job and
cancel it. The job cannot be restarted at this point.
Halting
Running jobs are monitored to reduce the number of hung jobs that might cause the job queue to
become overloaded. If a job is inactive for 30 minutes, the listener is terminated and restarted,
effectively stopping the operation of a job. Before the listener is restarted, a process called the
cleaner runs and the status is set from RUNNING to HALTED; then the listener is restarted. A status
of HALTED means the job was not able to run to completion.
Resubmitting
Sometimes the listener gets restarted for reasons other than a job hanging, for example when the
machine is rebooted. When the cleaner halts the running jobs, it checks whether each job has
responded in the past 8 minutes. If it has, the job is copied and that copy is resubmitted onto the
job queue. The original halted job is still displayed on the queue, and the results it was able to
process remain available.
Monitoring
The mechanism by which jobs maintain their active status is by touching the timestamp on the job
queue record. It is important to note that the job queue record is used for the entire job. Each
individual classifier rule or assessment test interacts with the timestamp for its parent process,
and they do not have individual timestamps that are monitored.
The classifier will update its timestamp before every rule is tested and after every SQL
operation. For example, if the classifier is scanning the data in a database that supports paging,
it will touch the timestamp after each batch of data is brought back from the database. This is
because, depending on the state of the target database, the classifier has the potential to invoke
some long-running queries that will be limited to 30 minutes of execution.
Assessments touch the timestamp after each test in the assessment is evaluated. Most assessment
tests run in a few seconds or less.
Observed Tests
The exception to the relatively quick-running assessment tests is the category of observed
assessment tests. These tests are based on queries and reports that use the internal sniffing data
on the Guardium appliance and can run for longer periods of time and are unable to update the
timestamp while they are in process. Therefore, observed assessment tests have their timestamps set
two hours into the future when they are started, essentially giving them two hours and thirty
minutes to run to conclusion. This can be confusing when looking at the job queue and seeing the
timestamp set to a time in the future. Just like any other assessment test, when the observed test
ends, the timestamp will be touched. If the next test is an observed test, the timestamp will once
again be set two hours into the future. Otherwise, the timestamp will be set to the current
time.
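The halting, resubmitting and observed-test rules described above can be modelled in a few lines. This is an added example, not Guardium code: the class, function and field names are hypothetical, and only the 30-minute, 8-minute and two-hour intervals come from the text.

```python
"""Toy model of the job-queue monitoring rules described above.

Added illustration, not Guardium code: all names are hypothetical; only the
30-minute, 8-minute and 2-hour intervals are taken from the text.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import List, Optional

INACTIVITY_LIMIT = timedelta(minutes=30)  # no touch for this long => hung
RESUBMIT_WINDOW = timedelta(minutes=8)    # "responded in the past 8 minutes"
OBSERVED_LEAD = timedelta(hours=2)        # observed tests stamp into the future


@dataclass
class Job:
    run_id: int
    description: str
    status: str = "WAITING"               # WAITING -> RUNNING -> HALTED
    timestamp: Optional[datetime] = None  # the one timestamp for the whole job
    copied_from: Optional[int] = None     # model-only: run_id of the halted original


def touch(job: Job, now: datetime, observed_test: bool = False) -> None:
    """Update the job queue record's timestamp (the job's sign of life)."""
    job.timestamp = now + OBSERVED_LEAD if observed_test else now


def is_hung(job: Job, now: datetime) -> bool:
    """True when a RUNNING job has not touched its timestamp for 30 minutes."""
    if job.status != "RUNNING" or job.timestamp is None:
        return False
    return now - job.timestamp >= INACTIVITY_LIMIT


def run_cleaner(queue: List[Job], now: datetime) -> List[Job]:
    """Runs before a listener restart: halt RUNNING jobs, resubmit live ones."""
    resubmitted = []
    next_id = max((j.run_id for j in queue), default=0) + 1
    for job in list(queue):               # copy: the queue grows while we iterate
        if job.status != "RUNNING":
            continue
        job.status = "HALTED"             # the original stays on the queue
        # Assumption: a future timestamp (observed test) also counts as recent;
        # the text does not say how the cleaner treats it.
        if job.timestamp is not None and now - job.timestamp <= RESUBMIT_WINDOW:
            copy = replace(job, run_id=next_id, status="WAITING",
                           timestamp=None, copied_from=job.run_id)
            next_id += 1
            queue.append(copy)
            resubmitted.append(copy)
    return resubmitted


def listener_check(queue: List[Job], now: datetime) -> List[Job]:
    """One monitoring pass: a hung job triggers the cleaner and a restart."""
    if any(is_hung(job, now) for job in queue):
        return run_cleaner(queue, now)
    return []


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)       # constructed sample data
    scan = Job(1, "classifier scan", "RUNNING")
    touch(scan, t0)                       # last sign of life, then it hangs
    asmt = Job(2, "assessment", "RUNNING")
    touch(asmt, t0 + timedelta(minutes=27))
    queue = [scan, asmt]
    for copy in listener_check(queue, t0 + timedelta(minutes=30)):
        print(f"resubmitted copy {copy.run_id} of job {copy.copied_from}")
    for job in queue:
        print(job.run_id, job.description, job.status)
```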
Guardium usage summary
Displays a list of S-TAP hosts, number of processors per the Guardium License Metric Tool (ILMT),
and the estimated number of processor value units (PVUs).
To calculate the accurate number of PVUs, see https://www-112.ibm.com/software/howtobuy/passportadvantage/pvucalculator/pvucalc.wss
Domain | Based on Query | Main Entity |
Internal-not available | Guardium usage summary | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Remote Data Source | | Drop-down menu |
Show Aliases | Radio buttons (On, Off, Both, Default) | Default |
Refresh Rate (seconds) | | 0 |
GIM Clients Status
Displays a list of GIM clients, including the client name, OS, vendor, installation date, module name, module version, module state, module schedule, and the system
the GIM module reports to.
Domain | Based on Query | Main Entity |
GIM Clients Status | GIM Clients Status | GIM Clients |
Run-Time Parameter | Operator | Default Value |
Client Name | % | Not available |
Client OS | % | Not available |
GIM Events List
Displays a list of GIM Events.
Domain | Based on Query | Main Entity |
GIM Events | GIM Events | GIM Events |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
GIM Installed Modules
Displays a list of installed GIM Modules.
Note: This report shows the modules that have been associated with the host. If a module has been
assigned to a host, the assigned version appears in this report, even if the module has not yet been
scheduled or installed. To check the currently installed module, review the GIM Clients Status
report.
Domain | Based on Query | Main Entity |
GIM Installed Base | GIM Installed Base | GIM Installed |
Run-Time Parameter | Operator | Default Value |
none | not applicable | not applicable |
Group Usage Report
Displays the list of all defined groups and all the entities that rely on each group.
Guardium API Exceptions
Displays a time stamp and description of all GuardAPI exceptions. These are jobs where the
Exception Type ID is GUARD_API_EXCEPTION.
Domain | Based on Query | Main Entity |
Exception | Guardium API Exceptions | Exception |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Guardium entitlement consolidation report (using ILMT)
This report provides details on active and inactive S-TAPs installed on the data server. If the
ILMT agent is installed, the report shows the processor value of the data server. If the ILMT agent
is not installed, the processor value is blank. This report helps indicate the processor value of a
server with an installed and active S-TAP. The ILMT agent provides the processor value once it is
installed; this report does not replace ILMT requirements in any sense (follow ILMT compliance and
audit requirements).
Domain | Based on Query | Main Entity |
Internal-not available | Guardium entitlement consolidation report | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Remote Data Source | | Drop-down menu |
Show Aliases | Radio buttons (On, Off, Both, Default) | Default |
Refresh Rate (seconds) | | 0 |
Guardium Group Details
For the reporting period, each row of the report lists a group member. The columns contain the
following information: Group Description, Group Type, Group Subtype, Timestamp (from the Group
Member entity), Group Member, and count of Group Member entities for the row. The value of the
timestamp is set to the current time whenever the record is updated.
You can restrict the output of this report using the run-time parameters, both of which are used
with the LIKE operator and a default value of %, which selects all values.
Domain | Based on Query | Main Entity |
Group | Guardium Group Details | Group Member |
Run-Time Parameter | Operator | Default Value |
Group Description | LIKE | % |
Group Type | LIKE | % |
Period From | >= | NOW -100 MONTH |
Period To | <= | NOW |
Guardium Users
Lists each user, date of last activity, and number of roles assigned. For each user, you can
drill down to the Record Details report to see the roles assigned to that user.
Domain | Based on Query | Main Entity |
Internal - not available | User Role | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -100 MONTH |
Period To | <= | NOW |
Host History (CAS)
This report lists CAS host events. The default sort order for this report is non-standard. The
sort keys are, from major to minor: Host Name (ascending), Instance and Event Time (descending).
Domain | Based on Query | Main Entity |
CAS Host History | CAS Host History | Host Event |
Run-Time Parameter | Operator | Default Value |
Host_Name | Like | % |
OS_Type | Like | % |
Event_Type | Like | % |
Inactive Inspection Engines
Lists all inactive inspection engines.
Domain | Based on Query | Main Entity |
Internal - not available | Inactive Inspection Engines | S-TAP Verification Header |
Run-Time Parameter | Operator | Default Value |
Query from date | >= | NOW -3 HOUR |
Query to date | >= | NOW |
Inactive S-TAPs Since
Lists all inactive S-TAPs defined on the system. It has a single run-time parameter, Period From,
which is set to NOW -1 HOUR by default. Use this parameter to control how you want to define
inactive. This report contains the same columns of data as the S-TAP Status report, with the
addition of a count for each row of the report.
Domain | Based on Query | Main Entity |
Internal - not available | Inactive S-TAPs Since | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 HOUR |
Installed Patches
Displays the patches: Patch Number, Guardium Version, Patch Description, Patch
Dependencies, Creation Date, Request Received, Installed By, Status, Status Description, Timestamp,
Requested Schedule.
Domain | Based on Query | Main Entity |
Installed Patches | Installed Patches | Installed Patch |
Run-Time Parameter | Operator | Default Value |
Refresh rate in seconds | | 0 |
Investigation dashboard issues
This report displays all Investigation dashboard issues that Monitoring and automatic recovery
discovered, including those that are open, in progress, and fixed.
You can limit the output by setting the Guardium Host Name run-time parameter, which is set to %
by default (to select all servers). This reduces the number of issues you see in the report.
Domain | Based on Query | Main Entity |
Investigation dashboard issues | Investigation dashboard issues | Investigation dashboard issues |
Run-Time Parameters | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Host Name | LIKE | % |
Investigation dashboard issues in recovery
This report displays the Investigation dashboard issues that Monitoring and automatic recovery is
currently trying to fix.
Condition – Investigation Dashboard issue Status = ‘Recovery in progress’
You can limit the output by setting the Guardium Host Name run-time parameter, which is set to %
by default (to select all servers). This reduces the number of issues you see in the report.
Domain | Based on Query | Main Entity |
Investigation dashboard issues | Investigation dashboard issues in recovery | Investigation dashboard issues |
Run-Time Parameters | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Host Name | LIKE | % |
Investigation dashboard open issues
This report displays the Investigation dashboard issues that Monitoring and automatic recovery
was not able to fix and that require manual intervention to resolve.
Condition – Investigation Dashboard issue status = ‘Error’
You can limit the output by setting the Guardium Host Name run-time parameter, which is set to %
by default (to select all servers). This reduces the number of issues you see in the report.
Domain | Based on Query | Main Entity |
Investigation dashboard issues | Investigation dashboard open issues | Investigation dashboard issues |
Run-Time Parameters | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Host Name | LIKE | % |
Logged R/T Alerts
For the reporting period, the total number of logged real time alerts, listed by rule
description.
Domain | Based on Query | Main Entity |
Policy Violations | Logged R/T Alerts | Policy Rule Violation |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Logged Threshold Alerts
For the reporting period, the total number of threshold alerts logged.
Domain | Based on Query | Main Entity |
Alert | Logged Alerts | Threshold Alert Details |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Logging Collectors (valid only from aggregation unit)
The Logging Collectors report appears under the Daily Monitor Tab and it is valid only on an
aggregator unit. This report shows the number of sessions per Server IP, per collector and per day.
For example: on May 19, aggregator #1 collected 100 sessions for Server 192.168.x.x1, 50 sessions
for Server 192.168.x.x2; aggregator #2 collected 30 sessions for Server 192.168.x.x3, 90 sessions
for Server 192.168.x.x4; etc.
Domain | Based on Query | Main Entity |
Exceptions | Logging Collectors | Logging Collectors |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Logins to Guardium
All values for this report are from the Guardium Logins entity. For the reporting period, each
row of the report lists the User Name, Login Succeeded (1 = Successful, 0 = Failed, -1 = password
expired, -2 = login from different IP), Login Date And Time, Logout Date And Time (which is blank if
the user has not yet logged out), Host Name, Remote Address (of the user) and count of logins for
the row.
Domain | Based on Query | Main Entity |
Guardium Logins | Guardium Logins | Guardium Users Login |
Run-Time Parameter | Operator | Default Value |
Host Name | LIKE | % |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Managed Units (Central Manager)
Enterprise report on a Central Manager that shows which managed units are up. Use this report in
a Statistical Alert to send an email to an ADMIN anytime a managed unit is down.
Domain | Based on Query | Main Entity |
Internal - not available | Managed Units | Managed Units |
Run-Time Parameter | Operator | Default Value |
Host Name | LIKE | % |
Remote Data Source | | Drop-down menu |
Show Aliases | | Radio buttons (On, Off, Default) |
NAS File Activities
Displays details about the file activity in Network-Attached Storage (NAS) devices.
Domain | Based on Query | Main Entity |
Access | NAS File Activities | Object/Command |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh Rate (seconds) | | 0 |
Number of Active Audit Processes
Number of active Guardium audit processes. When central management is used, this report contains
data only on the Central Manager, and is empty on all managed units (the standard message, No data
found for requested query, displays). There are no run-time parameters for this report.
Domain | Based on Query | Main Entity |
Audit Process | Number of Active Processes | Audit Process |
Oracle Unified Audit Activity
This report presents the server, client, and database details for the logged Oracle traffic.
Domain | Based on Query | Main Entity |
Access | Oracle Unified Audit Activity | STAP SQL Configuration |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Refresh Rate (seconds) | | 0 |
Oracle Unified Audit (S-TAP configuration) Activity
This report shows details of the S-TAP and host configurations for Oracle Unified Auditing, the
data pull interval and number of rows, and the timeout.
Domain | Based on Query | Main Entity |
S-TAP Status | Oracle Unified Audit (S-TAP Configuration) Activity | Client/Server by Session |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Refresh Rate (seconds) | | 0 |
Outstanding Audit Process Reviews
Number of outstanding Guardium audit processes, listed by Guardium users.
Table 1. Outstanding Audit Process Reviews
Domain | Based on Query | Main Entity |
Audit Process | Outstanding Audit Process Reviews | Task Results To-Do List |
Primary Guardium Host Change Log
Log of primary host changes for S-TAPs. The primary host is the Guardium unit to which the S-TAP
sends data. Each line of the report lists the S-TAP Host, Guardium Host Name, Period Start and
Period End.
Domain | Based on Query | Main Entity |
Internal - not available | Primary SGuard host change log | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Query Entities and Attributes
This report lists all the entities and attributes in Guardium reports and was created to simplify
the linkage between the Guardium attributes to the GuardAPI calls.
Use this report to also invoke create_constant_attribute,
create_api_parameter_mapping, delete_api_parameter_mapping, or list_param_mapping_for_function.
Domain | Based on Query | Main Entity |
Any of Guardium reporting domains | Any of the entities for the reporting domain | Any of the attributes within the entity |
Run-Time Parameter | Operator | Default Value |
Report Name Like: if the value is not '%', the report shows only the domain/entity and attributes used by reports that match the parameter. If the value is '%', all domains, queries and attributes are displayed (including those not used by any report). | not applicable | not applicable |
Replay Statistics
This report shows Replay Statistics for Execution Start/End Date; Configuration Name; Schedule
Setup Name; Job Status; Statistic Description; Session ID; Successful Queries; Failed Queries; Total
Queries; Type; Active/Waiting/Completed Tasks.
Domain | Based on Query | Main Entity |
Replay Results Tracking | Replay Statistics | Replay Result Statistics |
Run-Time Parameter | Operator | Default Value |
Query from date | >= | NOW -1 DAY |
Query to date | <= | NOW |
Session | >= | Not available |
Session | <= | Not available |
Replay Summary
For the reporting period, a measure of which queries failed or succeeded. A checkmark is required
in Replay Configuration for Query Failed or Query Succeeded.
Domain | Based on Query | Main Entity |
Replay Results | Replay Summary | Replay Results |
Run-Time Parameter | Operator | Default Value |
Query from date | >= | NOW -1 DAY |
Query to date | <= | NOW |
Results status | % | Not available |
Schedule setup name | % | Not available |
Request Rate
By default, displays the request rate for the last two hours. This graphical report is intended
to display recent activity only. If you alter the run-time parameters to include a larger timeframe,
you may receive a message indicating that there is too much data. Use a tabular report to display a
larger time period.
Domain | Based on Query | Main Entity |
Sniffer Buffer | Request Rate | Sniffer Buffer Usage Monitor |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -2 HOUR |
Period To | <= | NOW |
Restored Data
This report has two columns: RESTORED_DAY and EXPIRATION_DATE. When the user restores data from
archive, this table is populated according to the data restored and the duration specified for
keeping this data. The purge process looks at this table to determine what data can be purged and
cleans up records that expired. RESTORED_DAY is the date of the data that was restored and is in the
past. EXPIRATION_DATE is the date when this data will be purged and is a date in the future.
Domain | Based on Query | Main Entity |
Restored Data | Restored Data | Restored Data |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -10 DAY |
Period To | <= | NOW +10 DAY |
Risky Users - Connection Profiling List
This report is the Connection Profiling List, filtered for risky users.
Domain | Based on Query | Main Entity |
Access | Connection Profiling List | Client Server |
Run-Time Parameter | Operator | Default Value |
Query from date | >= | NOW -1 DAY |
Query to date | <= | NOW |
Client IP/Src App/DB User/Server IP/Svc Name | not like group | Connection Profiling List |
Client IP/Src App/DB User/Server IP/Svc Name | like group | Risk Spotter - Risky Users |
Risky Users - Policy Violation
This report is the Policy Violation report, filtered for risky users.
Domain | Based on Query | Main Entity |
Policy Violations | Risky Users - Policy Violation | Policy Rule Violation |
Run-Time Parameter | Operator | Default Value |
Client IP/Src App/DB User/Server IP/Svc Name | like group | Risk Spotter - Risky Users |
Policy Rule Violation:Severity | >= | 1 |
Risky Users - SQL Errors
This report is the SQL Errors report, filtered for risky users.
Domain | Based on Query | Main Entity |
Exception | Risky Users - SQL Errors | Exception |
Run-Time Parameter | Operator | Default Value |
Exception Type:Exception Type Description | like | Database%Server% |
Client IP/Src App/DB User/Server IP/Svc Name | like group | Risk Spotter - Risky Users |
Runtime Sensitive Object Identifier
Displays output from the Runtime Sensitive Object Identifier session level policy. For more
information, see Runtime sensitive-object identification.
Domain | Based on Query | Main Entity |
Runtime Sensitive Object Identifier | Runtime Sensitive Object Identifier | Runtime Sensitive Object Identifier |
Scheduled Job Exceptions
Displays a timestamp and the description for each scheduled job exception (including assessment
errors). These are jobs where the Exception Type ID is one of the following: SCHED_JOB_EXCEPTION,
ASSESSMENT_EXCEPTION, or ASMT_ERROR.
Domain | Based on Query | Main Entity |
Sniffer Buffer | CPU Usage | Sniffer Buffer Usage |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -2 HOUR |
Period To | <= | NOW |
Scheduled Jobs
Displays the list of currently scheduled jobs.
Domain | Based on Query | Main Entity |
Internal - not available | Scheduled Jobs | Not available |
Session Count
For the reporting period, the total number of different sessions open.
Domain | Based on Query | Main Entity |
Access | Session Count | Session |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
SharePoint File Activities
Displays details about the file activity in a SharePoint environment.
Domain | Based on Query | Main Entity |
Access | SharePoint File Activities | Object/Command |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh Rate (seconds) | | 0 |
SQL Count
For the reporting period, the total number of different SQL commands issued.
Domain | Based on Query | Main Entity |
Access | SQL Count | SQL |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
S-TAP Agent Upgrade Pre-Check
Before starting a GIM upgrade, you can check whether any of the database servers that host
Linux-UNIX S-TAP agents need to be rebooted during the S-TAP upgrade. This check is for GIM upgrades
only; it does not cover any other upgrade scenarios.
If the bundles were installed from the managed unit, run the report on the
managed unit. If all clients are managed by the central manager (all GIM clients point to the
central manager, which is best practice and the recommended setup), run the report from the central
manager. The reboot status of GIM clients that point to a managed unit is not captured in a report
that is run on the central manager. Verify that the GIM agent is installed on the database server
before you run the report (relevant for upgrades from a non-GIM installation).
None of the other modules or bundles need to be installed. All database servers that are listed in
the report need a reboot.
There are no run-time parameters. This reporting domain is system-only.
Columns: S-TAP Host, Installed by GIM, GIM Parameter Name, Live Update.
Run-Time Parameter | Operator | Default Value |
Refresh rate in seconds | | 0 |
S-TAP agent with WINSTAP_CMD_LINE parameter
Displays details of what values exist in the WINSTAP_CMD_LINE field for all Windows S-TAPs.
Windows only: This report is available only for Windows systems.
There are no run-time parameters.
Columns: S-TAP Host, WINSTAP_CMD_LINE Parameter Value.
Domain | Based on Query | Main Entity |
Internal - not available | Internal - not available | GIM Clients |
S-TAP Configuration Change History
This report is displayed only when an inspection engine is added or changed. It lists the S-TAP
configuration changes; each inspection engine change appears on a separate row. Each row lists the
S-TAP Host, DB Server Type, DB Port From, DB Port To, DB Client IP, DB Client Mask, and Timestamp
for the change.
Domain | Based on Query | Main Entity |
Internal - not available | Configuration Change History | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
S-TAP Events
Use this report for information on the S-TAP (from SOFTWARE_TAP_EVENT table in internal
database).
Domain | Based on Query | Main Entity |
Internal - not available | S-TAP Events | Not available |
Run-Time Parameter | Operator | Default Value |
event type | LIKE | % |
host type | LIKE | % |
Period From | >= | NOW -3 DAY |
Period To | <= | NOW |
S-TAP Info (Central Manager)
On a Central Manager, an additional report, S-TAP Info, is available. This report monitors S-TAPs
of the entire environment. Upload this data using the Custom Table Builder.
S-TAP info is a predefined custom domain which contains the S-TAP Info entity and is not
modifiable like the entitlement domain.
When defining a custom query, go to the upload page and click Check/Repair to create the custom
table in the CUSTOM database; otherwise, saving the query will not validate it. This table loads
automatically from all remote sources. A user cannot select which remote sources are used; it pulls
from all of them.
Based on this custom table and custom domain, there are two reports:
Enterprise S-TAP View shows, from the Central Manager, information on an active S-TAP on a
collector and/or managed unit. (If there are duplicates for the same S-TAP engine, one active and
one inactive, the report uses only the active one.)
Detailed Enterprise S-TAP View shows, from the Central Manager, information on all active
and inactive S-TAPs on all collectors and/or managed units.
If the Enterprise S-TAP View and Detailed Enterprise S-TAP View look the same, it is because
there is only one S-TAP on one managed unit being displayed. The Detailed Enterprise S-TAP View
would look different if there are more S-TAPs and more managed units involved.
There is an Alert: Inspection Engines and S-TAP that alerts once a day on any activity related to
inspection engine and S-TAP configuration. See Predefined
Alerts.
S-TAP Last Response
Pre-defined query and report are available, but not added to any panels.
The query/report displays All S-TAP Hosts and the last response (heartbeat) sent by each host.
The purpose of this query is to be able to define an alert that triggers when an S-TAP on a host
did not respond for a given period of time.
The input parameters are Last response From and Last Response To.
For example, when executed with Last response From = NOW -5 DAYS and Last Response To = NOW - 3
HOURS, it displays the host name and the last response time for those hosts that sent the last
response in the last 5 days, but had no response in the last 3 hours.
S-TAP Status
Displays status information about each inspection engine defined on each S-TAP Host. This
report has no From and To date parameters, since it is reporting current status. Each row of the
report lists all the Guardium Hosts, DB Exec File, DB Server Type, Status, Last Response,
Primary Host Name, and Yes/No indicators for the following attributes: KTAP Installed, Shared
Memory Driver Installed, DB2 Shared Memory Driver Installed, Named Pipes Driver Installed,
and App Server Installed. In addition, it lists the Hunter DBS.
Note: The DB2 shared memory driver has been superseded by the DB2 Tap feature.
Domain | Based on Query | Main Entity |
Internal - not available | S-TAP Status | Not available |
S-TAP Status Monitor
For each S-TAP reporting to this Guardium appliance, this report identifies the S-TAP Host, S-TAP
Version, DB Server Type, Status (active or inactive), Last Response Received (date and time),
Primary Host Name, and true/false indicators for: KTAP, MS SQL Server Shared Memory, DB2 Shared Memory,
Local TCP monitoring, Named Pipes Usage, and Encryption; and the Guardium Hosts column that
lists all hosts.
This report has no run-time parameters, and is based on a system-only query that cannot be
modified.
S-TAP Uninstall Events
Uninstalling an S-TAP could be evidence of harmful activity. This report details S-TAP uninstall
events.
Domain | Based on Query | Main Entity |
Internal - not available | Not available | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
S-TAP Verification
Lists all results of S-TAP verifications,
including: DB server type, Inspection engine identifier, Port range, Last response from S-TAP,
Inspection engine status, Last verification time, Verification schedules, Next scheduled time,
Datasource name, Datasource description, Verification type, Instance name, KTAP, MSS shm, WinDb2 shm,
Win TCP, Pipes, Encrypted?, Firewall installed, DB install dir, Load balancing, Alternate IPs,
TLS, DB Exec File.
Domain | Based on Query | Main Entity |
Internal - not available | S-TAP Verification | S-TAP Verification Header |
Run-Time Parameter | Operator | Default Value |
Query from date | >= | NOW -3 HOUR |
Query to date | >= | NOW |
STAP/Z Files
STAP/Z provides files with raw data collected from DB2 (on z/OS®) containing DB2
events, SQL statements, etc. This report lists an Interface ID, UA file name (Un-normalized Audit
Event), UT file name (Un-normalized Audit Event text), UH file name (Un-normalized Audit Event host
variables), File Status, Total Number of Events Processed, Number of Events Failed, and Timestamp.
This report has two run-time parameters, FileName Like % and FileStatus Like %. It is based on a
system-only query that cannot be modified.
Symptoms
Domain | Based on Query | Main Entity |
Eagle Eye | Symptoms | Symptompe |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Enter Value for Case ID | Like | % |
Show Aliases | Radio buttons (On, Off, Default) | Default |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
TCP Exceptions
For the reporting period, for each exception where the Exception Description of the Exception
Type entity is TCP/IP Protocol Exception, a row of this report lists the following attribute values
from the Exception entity: Exception Timestamp, Exception Description, Source Address, Destination
Address, Source Port, Destination Port, and count of Exceptions for that row.
Domain | Based on Query | Main Entity |
Exceptions | TCP Exceptions | Exception |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Templates (CAS)
This report lists CAS templates. By default, all template items are listed.
Domain | Based on Query | Main Entity |
CAS Templates | CAS Templates | Template |
Run-Time Parameter | Operator | Default Value |
Access_Name | Like | % |
Template_Set_Name | Like | % |
Audit_Type | Like | % |
Test Detail Exception
This report lists all the test detail exceptions that are applied to a security assessment.
Domain | Based on Query | Main Entity |
Internal - not available | Test Detail Exceptions | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Approver | LIKE | % |
Exception Type | LIKE | % |
Exception Detail | LIKE | % |
Test Description | LIKE | % |
Datasource Group | LIKE | % |
Datasource Name | LIKE | % |
Assessment | LIKE | % |
Refresh Rate in seconds | | 0 |
Test Exceptions Original report and Test Exceptions report
Both reports indicate pairs of tests and datasources that are exempted
temporarily. The Test Exceptions report is a more comprehensive version of
the Test Exceptions Original report.
Test Exceptions Original report
Use the following selections to configure the Test Exceptions Original report:
Domain | Based on Query | Main Entity |
Internal - not available | Test Exceptions | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -12 MONTH |
Period To | <= | NOW |
Test Exceptions report
Use the following selections to configure the Test Exceptions report:
Domain | Based on Query | Main Entity |
Internal - not available | Test Exceptions | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOUR |
Period To | <= | NOW |
Approver | LIKE | % |
Test Description | LIKE | % |
Datasource Group | LIKE | % |
Datasource Name | LIKE | % |
Assessment | LIKE | % |
Refresh Rate in seconds | | 0 |
Threat analytics case for analysis
When a case is assigned in the active threat analytics page, this report is sent to the assignee.
It includes the case details and its observations.
Domain | Based on Query | Main Entity |
Active Threat Analytics | Threat analytics case for analysis | Analytic case observation |
Run-Time Parameter | Operator | Default Value |
Case number | = | |
Period From | >= | NOW -3 HOURS |
Period To | <= | NOW |
Threat Analytics Case Observations
This is a drill down report from the open cases and the closed cases reports. It shows the case's
observations.
Domain | Based on Query | Main Entity |
Active Threat Analytics | Threat analytics case observations | Analytic case observation |
Run-Time Parameter | Operator | Default Value |
Case number | = | |
Period From | >= | NOW -3 HOURS |
Period To | <= | NOW |
Threat analytics closed cases
Domain | Based on Query | Main Entity |
Active Threat Analytics | Threat analytics closed cases | Analytic case |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOURS |
Period To | <= | NOW |
Threat analytics open cases
Domain | Based on Query | Main Entity |
Active Threat Analytics | Threat analytics open cases | Analytic case |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOURS |
Period To | <= | NOW |
Threat finder run log
This report gives results of the threat finder runs.
Domain | Based on Query | Main Entity |
Analytic Outliers Status | Threat Finder Run Log | Analytic status |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -3 HOURS |
Period To | <= | NOW |
Show Aliases | | Radio buttons (On, Off, Default) |
Remote Data Source | | Drop-down menu |
Refresh rate in seconds | | 0 |
Throughput
For each Access Period in the reporting period, each row lists the Period Start time, the count
of Server IP addresses, and the total number of accesses (Access Period entities).
You can restrict the output of this report using the Server IP run-time parameter, which by
default is set to % to select all IP addresses.
Domain | Based on Query | Main Entity |
Internal - not available | DB Server Throughput | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Server IP | LIKE | % |
Throughput (graphical)
This report is a Distributed Label Line chart version of the tabular Throughput report. It plots
the total number of accesses over the reporting period, one data point per Period Start time.
You can restrict the output of this report using the Server IP run-time parameter, which by
default is set to % to select all IP addresses.
Domain | Based on Query | Main Entity |
Access | DB Server Throughput - Chart | Access Period |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Server IP | LIKE | % |
User Activity Audit Trail Reports
The User Activity Audit Trail menu selection displays two reports. In addition, from each of
those reports, a third report can be produced. See:
- User Activity Audit Trail
- System/Security Activities
- Detailed Guardium User Activity (Drill-Down)
User Activity Audit Trail
For the reporting period, for each User Name seen on a Guardium User Activity Audit entity, each
row displays the Guardium User Name, an Activity Type Description (from the Guardium Activity Types
entity), a Count of Modified Entity values, the Host Name, and the total number of Guardium Activity
Audits entities for that row.
From any row of this report, the Detailed Guardium User Activity report is available as a
drill-down report.
Domain | Based on Query | Main Entity |
Guardium Activity | User Activity Audit Trail | Guardium User Activity Audit |
Run-Time Parameter | Operator | Default Value |
Host Name | LIKE | % |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
System/Security Activities
For the reporting period, for each User Name seen on a Guardium User Activity Audit entity, each
row displays the Guardium User Name, an Activity Type Description (from the Guardium Activity Types
entity), a Count of Modified Entity values, the Host Name, and the total number of Guardium Activity
Audits entities for that row.
From any row of this report, the Detailed Guardium User Activity report is available as a
drill-down report.
Domain | Based on Query | Main Entity |
Guardium Activity | User Activity Audit Trail | Guardium User Activity Audit |
Run-Time Parameter | Operator | Default Value |
Host Name | LIKE | % |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Detailed Guardium User Activity (Drill-Down)
This report is not available from the menu, but can be opened for any row of the User Activity
Audit Trail report, or the System/Security Activities report. For the selected row of the report,
based on the User Name and Activity Type Description, this report lists the following attribute
values, all of which are from the Guardium User Activity Audit entity, except for the Activity Type
Description, which is from the Guardium Activity Types entity: User Name, Timestamp, Modified
Entity, Object Description, All Values, and a count of Guardium User Activity Audits entities for
the row.
Domain | Based on Query | Main Entity |
Guardium Activity | Detailed Guardium User Activity | Guardium User Activity Audit |
Run-Time Parameter | Operator | Default Value |
Activity Type Description | | value from calling report |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
User Name | | value from calling report |
Warning: Users should be aware that activities of the root user, and other sensitive
system accounts, are logged. Drilling down into the activity of these users may show sensitive
commands and passwords that have been entered on the command line. Therefore, whenever
possible, users should not enter sensitive information on the command line that they would not
want shown on this drill-down report.
User Comments - Sharable
Sharable user comments are all comments except for inspection engine, installed policy, and audit
process results comments. For each sharable user comment, this report lists the date created, the
type of object referenced (an alert, for example), the object description, the user who created
the comment, and the contents of the comment.
Note: Comments defined for inspection engines, installed policies, or audit process results can be
viewed from the individual definitions, but they cannot be displayed on a report.
Domain | Based on Query | Main Entity |
Comments | Comments Defined | Comments |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -2 MONTH |
Period To | <= | NOW |
User To-Do Lists
Displays for each Guardium audit process: a description, login name, action required (review or
approve), status, user who has signed or reviewed, and execution date of the specified task.
Domain | Based on Query | Main Entity |
Internal - not available | Users To-do List | Not available |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Unit Utilization Levels
The following default reports provide unit utilization data:
- Unit Utilization: Displays the maximum unit utilization level for each unit in the given
timeframe. There is a drill-down that displays details for a unit across all periods within the
timeframe of the report.
- Unit Utilization Distribution: Per-unit, this report displays the percent of periods in the
report timeframe with utilization levels of low, medium, and high.
- Utilization Thresholds: This predefined report displays all low and high threshold values for
all unit utilization parameters.
- Unit Utilization Daily Summary: Provides a daily summary of unit utilization data.
Domain | Based on Query | Main Entity |
Internal - not available | Unit Utilization Distribution | Unit Utilization Levels |
Run-Time Parameter | Operator | Default Value |
Period From | >= | NOW -24 HOUR |
Period To | <= | NOW |
Values Changed
For the reporting period, this report provides detailed information about monitored value
changes. All attribute values displayed are from the Monitor Values entity. The query this report is
based upon has a non-standard sorting sequence, as follows:
- Server IP
- DB Type
- Audit Timestamp
- Audit Table Name
- Audit Owner
The query this report is based upon has a number of run-time parameters, all of which use the
LIKE operator and default to the value %, meaning all values will be selected.
For each monitored value selected, a row of the report lists the Timestamp, Server IP, DB Type,
Service Name, Database Name, Audit Login Name, Audit Timestamp, Audit Table Name, Audit Owner, Audit
Action, Audit Old Value, Audit New Value, SQL Text, Triggered ID, and a count of Change Columns
entities for that row.
Domain | Based on Query | Main Entity |
Value Changed | Values Changed | Changed Columns |
Run-Time Parameter | Operator | Default Value |
Audit Action | LIKE | % |
Audit Login Name | LIKE | % |
Audit Owner | LIKE | % |
Audit Table Name | LIKE | % |
DB Type | LIKE | % |
Period From | >= | NOW -1 DAY |
Period To | <= | NOW |
Server IP | LIKE | % |